Survey: About half of organizations use cloud-based services for sensitive data

About half of the information technology and security professionals asked whether they use external cloud-based services for sensitive or confidential data said they did -- but their approaches to encrypting data in the cloud vary widely, according to the findings of the survey published today.

The "Encryption in the Cloud" survey done by Ponemon Institute sought the opinions of more than 4,000 IT professionals in seven countries, including the U.S. About 38% of the respondents said their organizations rely on encryption of data as it's transferred, typically over the Internet, to the cloud. Another 35% said their organizations encrypt data before it's transmitted to the cloud provider so that it remains encrypted within the cloud. 27% answered their organizations perform encryption within the cloud environment, with 16% of those selectively encrypting at the application layer, and 11% letting the cloud provider encrypt stored data as a service.

The survey, sponsored by Thales e-Security, included the U.S., United Kingdom, Germany, France, Australia, Japan and Brazil.

When it comes to the question of managing encryption keys when sensitive or confidential data is transferred to the cloud, 36% of the survey respondents say their organization is responsible for managing the keys. 22% say the cloud provider is the one most responsible for encryption key management. Another 22% say an independent third party in the role of a service provider is most responsible for the key management.

"Even in cases where encryption is performed outside the cloud, more than half of respondents hand over the keys," the survey report says.

The trend to transfer sensitive or confidential data to cloud environments seems to be a growing trend, according to the survey, with another one-third of the survey's respondents saying they, too, are likely to transfer sensitive or confidential data to the cloud over the next two years.

One finding in the survey poses a surprising contrast to the usual accepted notions of cloud services and security. "Companies with the characteristics that indicate a strong overall security posture appear to be more likely to transfer sensitive or confidential information to the cloud environment than companies that appear to have a weaker overall security posture," the survey report states. "In other words, companies that understand security appear to be willing and able to take advantage of the cloud. This finding appears to be at odds with the common suggestion that more security-aware organizations are the more skeptical of cloud security and that it is the less security-aware organizations that are willing to overlook a perceived lack of security."

ARN Distributor Directory

ARN Vendor Directory

Slideshows

Selling the benefits of the software-defined data centre

In looking ahead to the future of the data centre, a software-defined reality is emerging. This exclusive ARN roundtable, in association with APC by Schneider Electric, Cisco, HPE, Lenovo and Veritas, assessed the benefits of selling a software-defined data centre strategy, uncovering the key market trends and ongoing partner opportunities.

The channel toasted the top performing players within the Australian market during 2017, as the 11th running of the ARN ICT Industry Awards kicked off with a Champagne Reception at the Hyatt Regency in Sydney - sponsored by Westcon-Comstor and Juniper Networks.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.